cybergate | df675b4ab017dc6ba08532c408da0b4177fe3f7890ad757aa6dd41bddad220c1 | Triage

Sharing

General

Target

JaffaCakes118_1c370b16509be524bca7846b4e0ed8d2
Size

290KB
Sample

250124-adrnqs1qfj
MD5

1c370b16509be524bca7846b4e0ed8d2
SHA1

ebee2322b6c58706a45001be1210fd3251ac5cc0
SHA256

df675b4ab017dc6ba08532c408da0b4177fe3f7890ad757aa6dd41bddad220c1
SHA512

ea45f4ea4f71adf5777e12e8ce2e462dfc4495e06fe13616ef571ec4333463f27c9a8a872be3d1a6a8df4ecf4b1d03f528e794cfd487bbb15f83dbae9651db20
SSDEEP

6144:WOpslhlqShdBCkWYxuukP1pjSKSNVkq/MVJbi:WwslZTBd47GLRMTbi

Score

10^/10

cybergate update5 discovery

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

Update5

C2

spidernet.servebeer.com:569

Mutex

4Q0K4W43G61PEQ

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
Microsoft
install_file
wininit.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
giblets1880
regkey_hkcu
Windows Explorer
regkey_hklm
Windows Firewall

Targets

- Target
  
  JaffaCakes118_1c370b16509be524bca7846b4e0ed8d2
- Size
  
  290KB
- MD5
  
  1c370b16509be524bca7846b4e0ed8d2
- SHA1
  
  ebee2322b6c58706a45001be1210fd3251ac5cc0
- SHA256
  
  df675b4ab017dc6ba08532c408da0b4177fe3f7890ad757aa6dd41bddad220c1
- SHA512
  
  ea45f4ea4f71adf5777e12e8ce2e462dfc4495e06fe13616ef571ec4333463f27c9a8a872be3d1a6a8df4ecf4b1d03f528e794cfd487bbb15f83dbae9651db20
- SSDEEP
  
  6144:WOpslhlqShdBCkWYxuukP1pjSKSNVkq/MVJbi:WwslZTBd47GLRMTbi
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

update5cybergate

behavioral1

behavioral2